Forum Moderators: coopster


Howto Login With Frames?

         

HoboTraveler

6:09 am on Oct 21, 2008 (gmt 0)

10+ Year Member



Hello,

I understand that it is possible to authenticate across domains?

Example, the user database and details are stored on domain1.com.

If a user were to log in on domain2.com, a frame would show up, the credentials would be checked on domain1.com and the user would proceed with the login on domain2.com.

How does an iframe authenticate across domains?

Google does this on blogger.

Thanks

HoboTraveler

8:29 am on Oct 23, 2008 (gmt 0)

10+ Year Member



*bump*

coopster

12:23 pm on Oct 23, 2008 (gmt 0)

WebmasterWorld Administrator 10+ Year Member



The topic of single sign on [google.com] pops up every once in a while here in the PHP Forum. It is a bit more complex than the average request and therefore not much feedback. However, it can indeed be accomplished as long as you have things ready on the "other" domain.

First, if the domain is the same, you can use the cookie to authenticate across subdomains by setting the path appropriately. However, in the event you want to authenticate across domains it gets more complex. And from your example, that seems to be the case in this event.

There are a few ways to accomplish the task, depending on what type of relationship you have with the other domain. If the other domain is on the same machine, you have some advantages in that you can use the filesystem/database server on that machine. If not, or you choose not to use that route, you can use encryption and shared secret keys to pass log in information to a "receiver" script on the other domain using redirection or a server-side socket. The receiving script should have a copy of the pre-defined shared secret key which will "unlock" the user credentials and use them to authenticate and log in the user on the second server.

Like I said, it isn't an easy task, but it is indeed something that can be accomplished. You'll see in some of my other posts in the link above on this topic that I mention SSO solutions that run on the Apache server. They stink if you ask me. I have programmed for them as well and have effectively written workarounds because they are so bad, so server intensive. What I'm saying is, if you can in any way, stay away from those types of solutions.

Good luck with your project!
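
The shared-secret handoff to a "receiver" script described in the reply above, sketched in PHP as an added example (not code from the thread). It assumes an HMAC-signed, short-lived identity assertion is passed on the redirect instead of encrypted credentials, so the password never leaves domain1.com; `SHARED_KEY`, `issueToken`, `verifyToken` and the claim names are hypothetical.

```php
<?php
// Added example; all names (SHARED_KEY, issueToken, verifyToken) are hypothetical.
const SHARED_KEY = 'constructed-demo-key'; // assumption: provisioned out of band on both servers

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// domain1.com: called only after the password was checked against the local user database.
function issueToken(string $user, string $audience, int $ttl = 60): string {
    $body = b64url(json_encode([
        'sub' => $user,                      // who logged in
        'aud' => $audience,                  // which site may accept this token
        'exp' => time() + $ttl,              // short lifetime limits a leaked URL
        'jti' => bin2hex(random_bytes(16)),  // unique id so the receiver can refuse reuse
    ]));
    return $body . '.' . b64url(hash_hmac('sha256', $body, SHARED_KEY, true));
}

// domain2.com receiver: returns the user name to log in, or null if the token is rejected.
function verifyToken(string $token, string $audience, array &$seen): ?string {
    $parts = explode('.', $token);
    if (count($parts) !== 2) return null;
    [$body, $sig] = $parts;
    $expected = b64url(hash_hmac('sha256', $body, SHARED_KEY, true));
    if (!hash_equals($expected, $sig)) return null;  // constant-time compare, before any parsing
    $claims = json_decode(base64_decode(strtr($body, '-_', '+/')), true);
    if (!is_array($claims)) return null;
    if (($claims['aud'] ?? null) !== $audience) return null;
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] < time()) return null;
    $jti = $claims['jti'] ?? null;
    if (!is_string($jti) || isset($seen[$jti])) return null;  // already used once
    $seen[$jti] = true;
    return is_string($claims['sub'] ?? null) ? $claims['sub'] : null;
}

// Constructed demo: $seen stands in for a store shared by all domain2.com workers.
$seen = [];
$token = issueToken('alice', 'domain2.com');
var_dump(verifyToken($token, 'domain2.com', $seen));   // first presentation
var_dump(verifyToken($token, 'domain2.com', $seen));   // same token again (replay)
var_dump(verifyToken($token, 'other.example', $seen)); // wrong audience
$forged = b64url('{"sub":"admin"}') . substr($token, strpos($token, '.'));
var_dump(verifyToken($forged, 'domain2.com', $seen));  // body swapped, signature reused
```

In a deployment the token would travel as a query parameter on an HTTPS redirect, and the used-`jti` store would be a database table or cache whose entries expire with the token lifetime.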